Revision as of 18:39, 7 April 2009

Description

The source of a buffer overflow may be input data.
In an Overflow Binary Resource File attack that input is a binary resource file: the attacker modifies or prepares the file so that the
application, after reading it, becomes prone to a classic buffer overflow attack. The only difference between this attack
and the classic one is the source of the input data. Common examples are specially crafted MP3, JPEG or ANI files, which cause buffer overflows in the code that parses them.

fread(b, sizeof(b), 1, f); - reads one record of sizeof(b) bytes from the stream f into the buffer b. It looks OK: fread itself cannot write past the end of b.
However the read fills the whole buffer, so there is no room for a '\0' to terminate the string, and fread does not add one.

While executing strcpy(p, b); where both buffers are the same size, the overflow takes place. What causes it is the absence of the
null byte (terminating character) in the buffer b[]. The strcpy() function copies into the buffer p[] everything starting
at b[0] and ending at the first null byte; if the crafted file contains no null byte within that field, strcpy() reads past the end of b[]
and writes past the end of p[]. The attacker has successfully conducted the buffer overflow attack by crafting a
special file, without ever sending input to the program directly.
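The following is an added example (not code from the original page) of the fread/strcpy pattern described above, beside a hardened form. It assumes a hypothetical fixed-width 16-byte field in the resource file (FIELD_LEN) and constructs the crafted file in memory with tmpfile(); the unsafe reader only inspects the buffer for a missing terminator rather than calling strcpy(), since the real overflow is undefined behaviour and cannot be demonstrated safely.

```c
#include <stdio.h>
#include <string.h>
#include <stdlib.h>

#define FIELD_LEN 16   /* hypothetical fixed-width field in the binary resource */

/* Constructed "resource file": exactly FIELD_LEN bytes with no NUL in them,
 * which is what an attacker crafts to defeat the fread/strcpy pattern. */
FILE *make_crafted_file(void) {
    FILE *f = tmpfile();
    if (!f) return NULL;
    char payload[FIELD_LEN];
    memset(payload, 'A', sizeof payload);
    if (fwrite(payload, sizeof payload, 1, f) != 1) { fclose(f); return NULL; }
    rewind(f);
    return f;
}

/* The page's pattern: fread() fills b completely, so nothing guarantees a '\0'.
 * Returns 1 if b is NOT NUL-terminated after the read (a later strcpy(p, b)
 * would run off the end of b), 0 if it happens to be, -1 on read failure.
 * strcpy() is deliberately never called here. */
int read_field_unsafe(FILE *f, char *b) {
    if (fread(b, FIELD_LEN, 1, f) != 1) return -1;
    return memchr(b, '\0', FIELD_LEN) == NULL;
}

/* Hardened read: read at most FIELD_LEN - 1 bytes and terminate explicitly,
 * so the buffer is a valid C string no matter what the file contains.
 * Returns the number of bytes read. */
int read_field_safe(FILE *f, char *b) {
    size_t n = fread(b, 1, FIELD_LEN - 1, f);
    b[n] = '\0';
    return (int)n;
}

/* Bounded copy: compute the length without trusting a terminator to exist,
 * and refuse if the result (plus '\0') would not fit in p.
 * Returns bytes copied, or -1 if the copy was rejected. */
int copy_field(char *p, size_t plen, const char *b, size_t blen) {
    const char *end = memchr(b, '\0', blen);
    size_t n = end ? (size_t)(end - b) : blen;   /* no NUL: treat whole field as data */
    if (n >= plen) return -1;
    memcpy(p, b, n);
    p[n] = '\0';
    return (int)n;
}

int main(void) {
    FILE *f = make_crafted_file();
    if (!f) return 1;
    char b[FIELD_LEN], c[FIELD_LEN], p[FIELD_LEN];

    printf("unsafe read: terminator missing = %d\n", read_field_unsafe(f, b));
    printf("bounded copy of unsafe buffer: %d (rejected)\n",
           copy_field(p, sizeof p, b, sizeof b));

    rewind(f);
    printf("safe read: %d bytes, strlen = %zu\n", read_field_safe(f, c), strlen(c));
    printf("bounded copy of safe buffer: %d bytes\n",
           copy_field(p, sizeof p, c, sizeof c));
    fclose(f);
    return 0;
}
```

The check that matters is the one in copy_field(): it never assumes the data read from the file is a terminated string, so a crafted field with no null byte is rejected instead of being copied past the end of p[].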